Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2023/11/17/2 | Mailing List Patch |
https://wiki.zimbra.com/wiki/Security_Center | Release Notes |
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy | Not Applicable |
Configurations
Configuration 1 (hide)
|
History
22 Dec 2023, 15:16
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2023/11/17/2 - Mailing List, Patch |
17 Nov 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Aug 2023, 17:10
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CPE | cpe:2.3:a:zimbra:zimbra:8.8.15:p26:*:*:*:*:*:* cpe:2.3:a:zimbra:zimbra:8.8.15:p32:*:*:*:*:*:* cpe:2.3:a:zimbra:zimbra:8.8.15:p5:*:*:*:*:*:* cpe:2.3:a:zimbra:zimbra:8.8.15:p33:*:*:*:*:*:* cpe:2.3:a:zimbra:zimbra:8.8.15:p40:*:*:*:*:*:* cpe:2.3:a:zimbra:zimbra:8.8.15:p35:*:*:*:*:*:* cpe:2.3:a:zimbra:zimbra:8.8.15:p38:*:*:*:*:*:* cpe:2.3:a:zimbra:zimbra:8.8.15:p30:*:*:*:*:*:* cpe:2.3:a:zimbra:zimbra:8.8.15:p31:*:*:*:*:*:* cpe:2.3:a:zimbra:zimbra:8.8.15:p34:*:*:*:*:*:* cpe:2.3:a:zimbra:zimbra:8.8.15:p3:*:*:*:*:*:* cpe:2.3:a:zimbra:zimbra:8.8.15:p37:*:*:*:*:*:* cpe:2.3:a:zimbra:zimbra:8.8.15:p11:*:*:*:*:*:* cpe:2.3:a:zimbra:zimbra:*:*:*:*:*:*:*:* |
|
References | (MISC) https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy - Not Applicable | |
References | (MISC) https://wiki.zimbra.com/wiki/Security_Center - Release Notes, Vendor Advisory | |
First Time |
Zimbra zimbra
Zimbra |
31 Jul 2023, 17:30
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-31 16:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-37580
Mitre link : CVE-2023-37580
CVE.ORG link : CVE-2023-37580
JSON object : View
Products Affected
zimbra
- zimbra
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')